On 2026-05-11, an OSV advisory GHSA-wxxx-gvqv-xp7p disclosed a sandbox escape vulnerability in LiteLLM (CVE-2026-40217) affecting custom-code guardrail functionality.
signal brief
On 2026-05-11, an OSV advisory GHSA-wxxx-gvqv-xp7p disclosed a sandbox escape vulnerability in LiteLLM (CVE-2026-40217) affecting its custom-code guardrail functionality. The vulnerability allows an attacker to escape the sandbox in which custom guardrail code runs and execute arbitrary code, potentially compromising the host system. LiteLLM is an open-source AI gateway used for model access, fallbacks, and spend tracking across 100+ LLMs. The advisory does not specify a fix version, so users deploying LiteLLM with custom guardrails should treat the issue as an unresolved security risk. The frequent PyPI releases observed around June 2026 (versions 1.84.4 to 1.88.0rc3) may include a fix, but no confirmation is provided. This issue could erode trust in LiteLLM's security posture, making it a negative signal for the product.
evidence
Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.